Attendees: Kevin Oerton (NXM), David Brown (Linaro), Kangkang Shen (Futurewei), Julius Werner (Google), Andrej Butok (NXP), Dan Handley (Arm), Okash (Google)
Minutes:
TF-A Roadmap update: Matteo
Walked thru roadmap page
Don: Can be found from the https://www.trustedfirmware.org/faq/ page as well.
Plan to keep this page up-to-date
Note the in-development section that shares active engineering activities.
Okash: Heard there was a push to make Hafnium compulsory. Is the EL3 SPMC a stop gap?
Matteo: Depends on use cases for TZ enablement. Google not mandating FF-A to the best of my knowledge. From Arm POV, if you want to isolate the normal world from malicious TAs/TEEs, Arm recommends using Hafnium Secure-EL2 reference.
Okash: S-EL2 adds code/architecture complexity. Need an IOMMU that supports S-EL2. Must look at tradeoffs. If OEMs want other secure VMs, I can see the advantage. Would all vendors want this? Is there an option not to use this (secure EL2) solution?
Matteo: Yes, TF-A doesn’t impose mandatory Hafnium usage. Can still use other SPM configs. From an upstream POV, there’s a limit to the long-term support for all the different configs. We can’t promise that EL3 SPMC will still be supported upstream in 2-3 years (though it can still be used downstream).
DanH: If there’s partner demand for long term support of the EL3 SPMC, we’re open to other non-Arm maintainers helping out.
Okash: Deprecating EL3 SPMC would send the message that Arm thinks partners should move to Hafnium (S-EL2). Not deprecating implies partners can choose.
Matteo: Some components in TF-A aren’t maintained by Arm.
Okash: Any discussions on long-term LTS releases?
Matteo: Has been discussed in the past, also in a previous tech forum. This lost traction, but a recent security issue (Spectre-BHB) has brought it back. Arm isn’t in a position to maintain it ourselves. We can discuss lighter options, like hotfix releases to most recent tagged release, as recently added to TF-M. Could do similar in TF-A. Must consider the cost of various options.
Okash: Can look at the phone ecosystem as an example starting point for what is required. Could provide a rough gauge for how many years an LTS needs to be maintained.
Dan: The cost of emulating the phone ecosystem would be high, for example you’d need to backport bug fixes to 3 year old releases. As Matteo says, this would be too much for Arm on its own. Partners would need to share those costs.
Okash: Google is interested but would also need other partners too.
Don: There’s a CI cost as well?
Dan: Yes
Matteo: Could this be a future TSC topic?
Dan: May be a good mailing list topic so that non-members can chime in.
Okash: I restart the thread on the TF-A mailing list.
Matteo: reviewed ongoing/future tasks
MISRA tool integration into OpenCI now planned. Arm will remove reliance on internal infrastructure.
See tech forum recording on DRTM here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/
KangKang: How often will the roadmap be updated?
Matteo: It’s a live doc. Will try to update every quarter, but at least every 6 months. These roadmap presentations are roughly every 6 months.
Dan: TSC survey feedback: Should Open CI tasks be reviewed in TSC or Board?
Matteo: Not much discussed in the Board meeting. Perhaps high level strategy in Board and ticket/plans reviewed by TSC?
Dan: Should Board minutes be shared w/ TSC?
Don: Ask the Board?
Planned future TSC topics
OP-TEE
Action: Next session is an OP-TEE review. Don to reach out to Rushika.
Trusted Services: by Shebu
Open CI - a potential backlog/roadmap review in this round robin review